Questions tagged [key-rotation]

Key rotation refers to a schedule or process for changing the key material.

Key rotation changes the encryption key. It is necessary because every key eventually reaches the end of its life, through either expiration or revocation.

20 questions
33 votes, 3 answers

What's the purpose of key-rotation?

What's the purpose of key-rotation? Does it have any effect on the probability of keys being breached in the first place? Does it refer to avoiding access after a breach to all past data, all future data, both or none?
Drathier
5 votes, 1 answer

Apple "Find My" Key Rotation

Apple's Find My technology is described in this Wired article and explains how Apple, or other third parties, are not able to decrypt location data. It mentions how the keys are rotated every hour: That public key frequently changes, "rotating"…
Jared
4 votes, 1 answer

How is key rotation defined?

I'm aware that it's advisable to rotate cryptographic keys periodically. HKDF accepts high-entropy input (IKM - Input Key Material), and expands it to an arbitrary length. It also accepts a salt; the RFC states that "the use of salt adds…
hunter
4 votes, 2 answers

key rotation AES

I'm trying to implement key rotation in my system due to policy. In my system, the encrypted data is never deleted and has no expiration date. I have encountered 2 solutions: Generate new key, decrypt all data with the old key and then encrypt it…
Ofek
4 votes, 1 answer

Contrasting Key Rotation Requirements: Asymmetric vs. Symmetric Ciphers

I'm trying to contrast key rotation requirements for asymmetric and symmetric ciphers. In the case of symmetric ciphers, we have the results such as the so-called "CBC Theorem" (stated on pg. 24 of…
Rohit Khera
4 votes, 2 answers

How many times can a key be used for HMAC-SHA256 before it needs to be rotated?

If I wanted to use hmac for proving that a value hadn't been tampered with, how many times can I use a key before it needs to be rotated?
mr blobby
3 votes, 3 answers

Why is "key-rotation" called key-rotation?

The word "rotate" in respect to "key-rotation" has connotations of looping/repeating variable values like a rotor, but as far as I can tell there isn't a single definition available for "key-rotation" that involves re-using a key that was previously…
3 votes, 1 answer

How to rotate RSA keys and how to work with old encrypted data

I am planning to use RSA for encrypting my data and I am wondering - I've generated the key pair with some limited expiration time and I will use these private and public keys for the purpose of encryption and decryption and in one time the…
Jenan
3 votes, 1 answer

Self-expiring symmetric keys, or: cryptography in absence of secure deletion

I can encrypt some data D using a random symmetric key K, obtaining a ciphertext C, and then encrypt K with my public key Pub and obtain H. So far so good: I can only decrypt C if I have H and my private key Priv. My goal is to only bring around…
vincenzoml
3 votes, 1 answer

Reversing Rotation + XOR

I have this cipher, which is as follows: Take 2 numbers: A=1011 and B=1010. If the ith bit of A is 1, then shift B i times to the left. So in the end you will get something like 1010 1010 1010. So now you apply XOR on these numbers which…
DollarAkshay
2 votes, 1 answer

Mitigating the damage when a signing key is stolen

Let's say we have a server whose job is to sign documents using a private key. Let's say that there's a bug in the software and the private key gets stolen. I'm interested in mechanisms to mitigate the damage. One thing you could do is have the…
jyelon
2 votes, 0 answers

Unpredictable value rotation

I have very, very basic skills in cryptography. It's hard for me to explain my problem clearly, so I will start with an example. Estimote beacons have a security function called secure UUID; once activated, the beacon will change its UUID randomly and…
user567
2 votes, 2 answers

Key Exhaustion Risks in Symmetric and Asymmetric Cryptography

For symmetric keys, it is recommended that the same key should not be used to encrypt a large number (2^32) of cipher blocks, to avoid the key-exhaustion risk. Curious to know whether asymmetric key cryptosystems also have such a risk? I tried to…
Bhuvan
1 vote, 0 answers

Key rotation and versioning for encryption at rest

I'm working with a dev team who are implementing encryption at rest at the application level. It's for particularly sensitive fields inside an RDB. (The underlying DB storage has an additional layer of encryption, but that's off topic here.) We're…
meeque
1 vote, 0 answers

How do I calculate key rotation schedules?

tl;dr: How do I formulaically determine key rotation schedules for different kinds of keys and use cases? The organization I'm a part of utilizes both symmetric and public/private key encryption for both external and internal communication. In…